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UNITED STATES DISTRICT COURT 
FOR THE DISTRICT OF COLUMBIA 



UNITED STATES OF AMERICA 



JOSEPH COLON, 



Defendant. 



Criminal No. CR-06-063-01 (RJL) 



GOVERNMENT'S MEMORANDUM IN AID OF SENTENCING 

The United States, by and through its attorney, the United States Attorney for the District of 
Columbia, submits this memorandum in aid of sentencing. For the reasons set forth herein, the 
government respectfuUy recommends that the Court sentence the defendant within the GuideUnes 
range calculated in the PSR. 
I. BACKGROUND 

On March 24, 2006, defendant Joseph Colon ("defendant") pled guilty to a four-count 
misdemeanor information that charged defendant with intentionally accessing a computer while 
exceeding authorized access and obtaining information from a department of the United States. 
During his plea colloquy, defendant admitted accessing files located on a Washington DC, server 
containing the hash value of the passwords of all active Federal Bureau of hivestigation (FBI) 
personnel with passwords to the FBI's classified computer network system. Hashes are essentially 
encrypted versions of user passwords, but not the actual passwords themselves. Once defendant 
obtained the hashes, defendant further admitted to using hacking software, a program named 
"LOphtcrack" (pronounced "loft crack"), to decrypt or "crack" the hash by using dictionary word 
comparisons, lists of common passwords, and character substitution techniques, among others. The 
defendant cracked thousands of passwords including the password of the Director of the FBI. 
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At the time of the offenses, defendant was a contractor for BAE systems, a company hired 
to assist in the transition of the FBI's computer systems to a new classified computer networking 
system in a project called "Trilogy." As of December 8th, 2003, Defendant was assigned to the 
Springfield, Illinois field office of the FBI as an information technology specialist (ITS) contractor. 
In his role as Field Office contractor, defendant was not authorized to access the FBI's classified file 
containing the computer network user-names and the encrypted passwords for all users on the 
network. Defendant exceeding his authority on the system at least four times to obtain the encrypted 
passwords of all users and then, each time, cracked thousands of those passwords. The four times 
include: March 2, 2004; May 24, 2004; July 26, 2004; and November 16, 2004. 
II. SENTENCING CALCULATION 

A Statutory Maxima 

The defendant pled guilty to four counts of Intentionally Accessing a Computer while 
Exceeding Authorized Access and Obtaining Information from any Department of the United States, 
in violation of Title 18, United States Code, Section 1030(a)(2)(B). The maximum sentence for each 
count is one year is confinement and the maximum fine is $100,000 per count of conviction. 

B. Sentencing Guideline Calculation 

The government agrees to the Guidelines calculations utilized in the Presentence Report 
("PSR") which correctly calculate the defendant's total offense level at 13. See PSR Tl 27. This 
includes the base offense level of six pursuant to U.S.S.G. § 2B 1 . 1 (a)(2) and a six-level enhancement 
for "loss" ofmore than $30,000 and less than $70,000 pursuanttoU.S.S.G.§2Bl. 1(b)(1)(D). There 
is an additional two-point enhancement because the instant offense involved the abuse of a position 
ofpublic trust. U.S.S.G. § 3B1.13. The government moves for a three point reduction for acceptance 
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of responsibility which yields a total offense level of 13. The PSR also has calculated correctly the 

defendant's criminal history as Category I. See PSR Tl 30. Therefore the guideline range for 

defendant Colon is correctly calculated in the PSR as 12 - 18 months. See PSR Tl 55. The PSR writer 

notes that certain factors may warrant a departure: USSG §§ 5H1.6 (Family Ties and 

Responsibilities) and 5K2.2 (Aberrant Behavior). For the reasons set forth, infra §111 of this 

Memorandum, the government respectfully recommends that the Court sentence the defendant at the 

bottom of the Guidelines range calculated in the PSR. 

III. DEFENDANT SHOULD BE SENTENCED AT THE LOW END OF THE 
GUIDELINE RANGE AS CALCULATED IN THE PSR . 



A) hi this case, the defendant, in a post-September 1 1 age, abused the trust placed in him 
by the FBI to gratuitously hack the passwords of every FBI employee, including the director, with 
access to the FBI's classified secret database. The defendant's actions, when discovered, cost the 
FBI thousands of man-hours and millions of dollars to rectify and resulted in the temporary 
shutdown of the entire classified system. Records kept on the classified system, to name just a 
couple of the many critical examples, include information related to people in the witness protection 
program and details on counterespionage activity. The defendant's actions took place in the span 
of over a year's time, involved the use of other people's identity to log on to the system, required 4 
separate intrusions beyond authorized access into the system and involved the use of hacking 
software that was not permitted on the FBI system (and the software itself was a cracked copy). The 
scope of the activity, cracking thousands of passwords, would require many hours of dedicated time 
to accomplish even with the hacking software involved. 

The guidelines are correctly calculated in the PSR. The defendant raises two objections: one 
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to the loss figure and the second to the public trust or special skill enhancement. The loss figure is 
a very conservative estimate based solely on an estimation of the cost of the unanticipated need to 
change every password in the system and verify that no compromised passwords were used again. 
Li fact, the damage assessment alone, broadly construed, could have brought the loss figure into the 
millions of dollars because of the steps taken to ensure the intrusion did not compromise national 
security information. As for position of trust or special skill enhancement, of course having a secret 
security clearance and being granted access to a classified system as a computer specialist meets both 
prongs of the definition. Moreover, the defendant used his access to gain unlawfully identification 
information for access to the same system - indeed, he used the identification to enter the system in 
the name of another. The defendant's practice of accessing the system under assumed identities is 
linked to the extraordinary cost incurred by the FBI in conducting a damage assessment of the system 
(a cost that is NOT included in the conservative loss figure). 

B) Defendant raises two possible bases for departure under the Guidelines. First, 
Defendant moves the Court to grant a downward departure for aberrant behavior pursuant to 
U.S.S.G. 5K2.2. The motion requires a two part analysis: 1) is the behavior aberrant?; 2) if so, is 
the case involving the aberrant behavior so extraordinary as to warrant a downward departure? 
Before even reaching the second part of the analysis as to whether or not a departure is warranted, 
the threshold question for the Court to consider is one of definition. And, as a threshold matter, the 
defendant's conduct was by no means aberrant. In fact, the conduct in question violates every prong 
of the definition of aberrant behavior as defined in the policy statement accompanying U.S.S.G. 
5K2.2. The policy statement defines aberrant behavior as a single criminal occurrence or single 
criminal transaction that (A) was committed without significant planning; (B) was of limited 
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duration; and (C) represents a marked deviation by the defendant from an otherwise law abiding hfe. 
Here the conduct involves multiple criminal occurrences (four separate intrusions); required 
acquiring and utilizing two separate software products and took multiple hours on each occasion; 
took place over the span of 14 months; and, finally, according to the defendant's admissions, does 
not represent the first time he has committed such conduct (he also exceeded authorized access 
during a prior period of employment in the Navy), hi short, there can be no aberrant behavior 
departure when, by definition, the behavior is not aberrant. 

Second, the defendant contents that his position as breadwinner for a stable family of five 
represents an extraordinary circumstance pursuant to U.S.S.G. 5H1.6 and warrants a departure. 
Here, under applicable case law, the record is not sufficiently developed for such a finding. In U.S. 
v. Dyce , 91 F 3d 1462 (D.C. Cir. 1996) the Court held that the defendant's status as an unwed 
mother, her responsibility for the care of her three children and the fact that she was breast feeding 
did not alone make for a convincing showing of a special hardship under U.S.S.G. 5H1.6. 
Subsequently, in U.S. v. Leandre , 132 F.3d 796 (D.C. Cir. 1998), the Court found that the 
defendant's status as a single father of two young children, who might be placed in foster care upon 
the defendant's incarceration, did not present the extraordinary circumstances required for a 
downward departure. On the facts presented to date, compared with prior case law, a short duration 
of imprisonment does not represent the sort of extraordinary hardship required for the departure. 

C) hi determining the appropriate sentence, the Court "shall consider . . . the need for 
the sentence imposed ... to reflect the seriousness of the offense, to promote respect for the law, and 
to provide just punishment for the offense." 18 U.S.C. § 3553(a)(2)(A). It is vital that the Court 
send a deterrent message that "curiosity" hacks into sites containing national security information 
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is a matter of grave concern and criminal import. The compromise of personal information and, 
more vitally, national security information is one of the most pressing issues faced by the United 
States. Given the seriousness of the defendant's actions - both the impact on national security of 
the defendant's decision to hack and the negligence and disregard for national security in the 
decision to decrypt thousands of passwords including the Director of the FBI and place them on 
insecure mediums - the government would ordinarily recommend a sentence at the high end of the 
Guideline range. However, given the defendant's lack of prior criminal history, history of 
government service, prompt and continuing cooperation with the investigation and motivations for 
the crime, the government recommends that the Court sentence the defendant to a period of 
incarceration at the low end of the guideline range. Leniency is best expressed through a Guidelines 
sentence thus taking into account the circumstances of the defendant while simultaneously ensuring 
that a benchmark exists providing a measure of uniformity: all similarly situated defendants should 
receive similar sentences. Accordingly, the government believes that a term of incarceration at the 
low end of the prescribed Guideline range is appropriate and will give both the government and the 
defendant the benefit of the bargain negotiated. 

IV. RESTITUTION 

The victim organization has documented a loss of $42,500. As the PSR states, the Court 
shall order full restitution to the victims without consideration of the economic circumstances of the 
defendant Accordingly, the government requests that the Court order restitution in the amount of 
$42,500 to the FBI. 

V. CONCLUSION 

Wherefore, the government respectfully requests that the Court sentence the defendant to a 
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term of incarceration at the low end of the prescribed range of 12 - 18 months and further that the 

Court order the defendant to pay full restitution at the conclusion of any term of incarceration. 

Respectfully submitted, 
KENNETH L. WAINSTEIN 
UNITED STATES ATTORNEY 



JOHN P. CARLIN 

Assistant United States Attorney 

Fraud & Public Corruption Section 

555 4th Street, N.W. 

Washington, D.C. 20530 

(202) 353-2457 



CERTIFICATE OF SERVICE 
I HEREBY CERTIFY that a copy of the foregoing Government's Memorandum in Aid of 
Sentencing has been served by fax upon counsel for defendant. 



JOHN CARLIN 

ASSISTANT U.S. ATTORNEY 



